Authenticate tonr2 with a custom AuthenticationProvider against sparklr2

Feb 28th, 2012, 02:17 AM

I would like to authenticate the tonr2 users directly against sparklr2 (no forwarding to sparklr2!). For this I would like to use the login form at tonr2 to send the username & password to sparklr2 and authenticate the user. My idea is to create a custom AuthenticationProvider for this at tonr2.

Is this the right way to do something like this? How should I pass the token to spring security?

Comment

The idea is:
a) I have a REST-backend which is secured by spring-oauth. Different clients will access it.
b) I have a frontend which consumes the backend-REST-services.

Frontend
The frontend has no users of its own. The frontend sends an OAuth "password" request to the backend; if it's successful, the frontend will authorize the user. The frontend should then use the authentication token to access the backend.

Instead of the browser client doing the handshake, the frontend server is doing it.

Simulated in the browser, the frontend server will do something like this:

2. Request with access_token from first request
http://localhost:8080/sparklr2/photos?access_token={access_token}

Finally, I don't want to collect this access_token; the AuthenticationProvider should return it to the client session inside of a UsernamePasswordAuthenticationToken or something similar for OAuth, so that the token can be reused.

Maybe there's a simpler way of doing this. What I don't want is for the frontend users to have anything to do with the backend REST server. If they have to log in somewhere, then it should always be inside the frontend without any redirects.

Comment

OK. It sounds like your back-end is a pure Resource Server, and your front-end is an Authorization Server as well as a Client, in OAuth2 terms. That should work. The Sparklr2 sample is both Resource Server and Authorization Server, but you can split the two and put the Auth pieces in the client app (Tonr2 in the samples). The ResourceServerTokenServices would need access to the token information in the AuthServer - you can do that by using a shared TokenStore, for instance.

You mentioned very briefly some "other clients". They would have to be happy to use the same Auth Server.
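
The approach asked about in the first post (a front-end AuthenticationProvider that performs the OAuth2 "password" grant against the back-end and keeps the resulting token in the user's session) could look like the sketch below. It is an added example, not code from this thread or from the Spring samples. The token endpoint URL, the client id and secret, the `ROLE_USER` authority, the use of the Java 11+ `HttpClient` and the regex extraction of `access_token` are all assumptions.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.*;
import org.springframework.security.authentication.*;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

public class BackendPasswordGrantProvider implements AuthenticationProvider {
    // Assumed placeholders: endpoint path and client credentials are not from the thread.
    private static final URI TOKEN_URI = URI.create("https://backend.example/sparklr2/oauth/token");
    private static final String CLIENT_ID = "frontend-client", CLIENT_SECRET = "CHANGE_ME";
    // Simplified extraction of the token from the JSON response (assumption: no JSON library).
    private static final Pattern TOKEN = Pattern.compile("\"access_token\"\\s*:\\s*\"([^\"]+)\"");
    private final HttpClient http = HttpClient.newHttpClient();

    @Override
    public Authentication authenticate(Authentication auth) {
        String user = auth.getName();
        // Credentials travel in the POST body over TLS, never in the URL.
        String form = "grant_type=password&username=" + enc(user)
                + "&password=" + enc(String.valueOf(auth.getCredentials()));
        String basic = Base64.getEncoder().encodeToString(
                (CLIENT_ID + ":" + CLIENT_SECRET).getBytes(StandardCharsets.UTF_8));
        HttpRequest req = HttpRequest.newBuilder(TOKEN_URI)
                .header("Authorization", "Basic " + basic)
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(form)).build();
        try {
            HttpResponse<String> res = http.send(req, HttpResponse.BodyHandlers.ofString());
            Matcher m = TOKEN.matcher(res.body());
            // Fail closed: anything other than 200 with a token is a failed login.
            if (res.statusCode() != 200 || !m.find()) {
                throw new BadCredentialsException("Backend rejected the credentials");
            }
            // The password is dropped (credentials = null); the token is kept as details.
            UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(
                    user, null, AuthorityUtils.createAuthorityList("ROLE_USER"));
            result.setDetails(m.group(1));
            return result;
        } catch (java.io.IOException | InterruptedException e) {
            throw new AuthenticationServiceException("Token endpoint unreachable", e);
        }
    }

    @Override
    public boolean supports(Class<?> type) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(type);
    }
    private static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }
}
```

For later calls to the back-end, sending the stored token in an `Authorization: Bearer` header rather than the `access_token` query parameter keeps it out of server logs and browser history.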